The Internet of Concerning Things
The internet of things (IoT) is a network of everyday items, such as fridges, washing machines and even automobiles, that connect to the internet to share and exchange information. Kevin Ashton, who coined the term in 1999, takes the concept one step further, describing it as a ‘ubiquitous sensor network’ that increases automation and thus efficiency.
The IoT has been high on the tech agenda since the early 2000s, and leading technology company Gartner has predicted that 26 billion IoT devices will be connected by 2020. Right now, however, one of the biggest challenges for consumers, manufacturers and regulatory bodies is the lack of universal security standards governing the IoT.
The internet of things is affecting an extensive range of industries, including health care, transportation, construction and retail. The idea of a smart home filled with automated devices such as security gadgets and talking appliances is old news. The Indian government has plans to build 100 smart cities using IoT technology to improve public transport, reduce emissions and enhance security.
IoT technology has been gradually incorporated into the construction industry, helping to reduce fatalities and workplace injuries. Sensors attached to heavy machinery are providing detailed 3D position guides as well as information about electrical lines and water mains. Poor communication and human error—two things that are responsible for construction site mistakes and injuries—will be significantly reduced with additional implementation of IoT technology.
A Fitbit proved invaluable for a man with atrial fibrillation who was taken to hospital after having a seizure last year. The Fitbit data stored on his smartphone showed when the arrhythmia began, which helped doctors determine the appropriate treatment to return his heart to its natural rhythm. Real-Time Innovations believes that integrating IoT technology into the US healthcare system could save 50,000 lives a year by improving clinical data and reducing hospital errors.
On the other hand, security researchers have identified a plethora of IoT vulnerabilities that can be compiled into a compendium of IoT horror stories.
A group of researchers from the University of Michigan hacked a traffic light in 2014, citing a lack of encryption combined with weak passwords as major concerns. The study explains that while traffic lights originally operated on individual timers, they’re now part of a complicated interconnected system that can ultimately save time and reduce carbon emissions. Compromising a traffic light could not only lead to a serious automobile accident, but also gridlock a whole city, resulting in lost wages, wasted time and environmental damage.
Your DVR could, unbeknown to you, be participating in an attack on government websites. The Australian Bureau of Statistics and Census websites crashed while people attempted to fill in their census forms in August 2016. The bureau later revealed that a distributed denial of service (DDoS) attack had overwhelmed the server with requests from many separate sources. Internet-enabled household items such as lights, baby cameras and other electronics can be used for DDoS attacks if they aren’t properly secured. In October 2016, the Mirai Botnet, the largest DDoS attack in history, wreaked havoc in the US and Europe by using IoT devices to attack the internet’s underlying infrastructure and bring down Netflix, CNN and a collection of other websites.
In one of the more disturbing stories, researcher Matt Jackubowski was able to hack a Hello Barbie, a wifi-enabled doll that records conversations with children and stores them as MP3 files. In addition to obtaining the files, Jackubowski got an account ID and network name. He believes that it’s only a matter of time before someone figures out how to replace the doll’s voice and remotely communicate with a child. The playground for cyber predators just got a whole lot bigger.
A major challenge in regulating the IoT is creating protocols that improve security without stifling innovation and increasing costs. Australia represents only a small portion of the IoT market. This means that overregulating IoT security could discourage foreign vendors from selling in Australia, as the required security features may prevent their products from being financially viable.
Having such a wide variety of IoT devices means that security measures will vary. While most devices could be used in botnet or DDoS attacks, some IoT technologies, such as those used in transportation or medicine, should require tighter regulation because they pose additional risks.
In the US, a group of senators has introduced bipartisan legislation that would provide minimum standards for IoT technology purchased by federal agencies. The Internet of Things Cybersecurity Improvement Act of 2017 highlights the importance of built-in security and the provision of security patches for newly exposed vulnerabilities.
ASPI will publish more about the internet of things in the coming months. While there are many questions still to be answered about the IoT, a significant portion of the debate will need to be focused on how to balance security regulations and innovation.